1 hour 27 minutes
welcome to the second part of the course.
Now we're gonna go ahead and log in to the Windows seven Land machine user, user name, administrator
password is password within that sign.
Once we're in, we're gonna go to the start menu Type in sec, Paul, I'm a dot MSC and hit Enter.
Once we're there, we're gonna go to a local policies and then click on audit policy. The audit object asked access and then double click on that.
You want to check both boxes
under audit these attempts? So success and failure and then click. Okay.
Next, we're gonna open a file Explorer window and go to see program files Splunk bin and then Splunk, Dottie XY
right click on Splunk and then hit properties. And then from there we're gonna click on the security top and then go to advanced.
Next, we're gonna click on auditing and then click at it.
Go ahead and hit ad and then type everyone into the field
once you click. Okay, there'll be a window that pops up in that window. You're gonna check everything under successful and failed and then click OK again
once you're finished with this, go ahead. and reboot your machine.
Now we're gonna go ahead and verify the auditing. So we're gonna go back to Kelly.
Once you're back in Cali, click applications and then go to Internet and then click ice weasel for your browser
in the browser, you're gonna type http dot dot slash slash 192.168 dot 0.20 colon 8000.
doesn't click. Search in reporting
and then click on reports.
Now we're going to go back and log into the window. Seven. Machine.
Go to the start menu in type in event viewer. Dottie XY.
Under Windows logs, click on Security
and then in the right pane, click find and in the box that pops up type Splunk, Dottie XY and hit Find.
Go ahead and find the last five object access logs. First bunk.
In this lab, you learn how to skin a network with and map utility, identify access to a ***, server object and audit. Love